Zzed
09-05-2002, 10:00 PM
This is a fairly simple hack. I implemented it a couple days ago. And realized
that it had also been requested by scotty back in June.
https://vborg.vbsupport.ru/showthread.php?s=&threadid=40297
This hack limits the number of http requests to 1 request per IP address
per second. It works for both registered users as well as guests. If a users
hits the refresh button more than once per second he will be taken to the
error screen. The hack actually terminates the loading process of the page
in the early stages and prevents the server load from going up. I have
tried the refresh flood with and without this hack. And without the hack
I got the server load to go from 0.7 to about 25 with about 30 people logged
on. With the hack in place, the same refresh flood caused the load to go as high
as 1.2.
This hack requires you to create a new template. And it modifies 2 source
files: global.php and showthread.php.
In admin CP add the following template: error_floodreload
Add the following text to the template:
Sorry! The administrator has specified that users can only make one http request every 1 second.
In global.php
Look for the following code:
if (!$servertoobusy) {
require('./admin/sessions.php');
} else {
$session = array();
$bbuserinfo = array();
}
Add this code directly above it:
// Flood control for abusive relaods...
$user_ip=$DB_site->query_first("select host, location, lastactivity from session where host = '".addslashes($REMOTE_ADDR)."' order by lastactivity desc limit 1;");
if($REMOTE_ADDR == $user_ip[host]) {
global $bbtitle,$logincode,$url,$scriptpath,$bbuserinfo,$ session;
$time_now = time();
if($time_now == $user_ip[lastactivity]) {
$DB_site->query("update session set lastactivity='$time_now' where host='".addslashes($REMOTE_ADDR)."' and lastactivity='$user_ip[lastactivity]';");
$style=$DB_site->query_first("select * from style where userselect = 1;");
$templatesetid = $style[templatesetid];
$styleid = $style[styleid];
$replacementsetid = $style[replacementsetid];
eval("standarderror(\"".gettemplate("error_floodreload")."\");");
exit;
}
}
In showthread.php
Look for the following code:
// goto last post
if ($goto=="lastpost") {
Replace it with
// goto last post
if ($goto=="lastpost") {
// Flood control for abusive relaods...
sleep(1);
In showthread.php
Look for:
// goto newest post
if ($goto=="newpost") {
Replace it with:
// goto newest post
if ($goto=="newpost") {
// Flood control for abusive relaods...
sleep(1);
The reason for the 1 second sleeps is to prevent the error screen from popping up when
the user clicks on the goto newest or goto last post arrows in the forum display.
Those 2 calls end up making a second recursive call to showthread.php which ends up
being within the same 1 second interval of the click itself. This way you are fooling
the flood control so that it wont catch the back to back requests.
that it had also been requested by scotty back in June.
https://vborg.vbsupport.ru/showthread.php?s=&threadid=40297
This hack limits the number of http requests to 1 request per IP address
per second. It works for both registered users as well as guests. If a users
hits the refresh button more than once per second he will be taken to the
error screen. The hack actually terminates the loading process of the page
in the early stages and prevents the server load from going up. I have
tried the refresh flood with and without this hack. And without the hack
I got the server load to go from 0.7 to about 25 with about 30 people logged
on. With the hack in place, the same refresh flood caused the load to go as high
as 1.2.
This hack requires you to create a new template. And it modifies 2 source
files: global.php and showthread.php.
In admin CP add the following template: error_floodreload
Add the following text to the template:
Sorry! The administrator has specified that users can only make one http request every 1 second.
In global.php
Look for the following code:
if (!$servertoobusy) {
require('./admin/sessions.php');
} else {
$session = array();
$bbuserinfo = array();
}
Add this code directly above it:
// Flood control for abusive relaods...
$user_ip=$DB_site->query_first("select host, location, lastactivity from session where host = '".addslashes($REMOTE_ADDR)."' order by lastactivity desc limit 1;");
if($REMOTE_ADDR == $user_ip[host]) {
global $bbtitle,$logincode,$url,$scriptpath,$bbuserinfo,$ session;
$time_now = time();
if($time_now == $user_ip[lastactivity]) {
$DB_site->query("update session set lastactivity='$time_now' where host='".addslashes($REMOTE_ADDR)."' and lastactivity='$user_ip[lastactivity]';");
$style=$DB_site->query_first("select * from style where userselect = 1;");
$templatesetid = $style[templatesetid];
$styleid = $style[styleid];
$replacementsetid = $style[replacementsetid];
eval("standarderror(\"".gettemplate("error_floodreload")."\");");
exit;
}
}
In showthread.php
Look for the following code:
// goto last post
if ($goto=="lastpost") {
Replace it with
// goto last post
if ($goto=="lastpost") {
// Flood control for abusive relaods...
sleep(1);
In showthread.php
Look for:
// goto newest post
if ($goto=="newpost") {
Replace it with:
// goto newest post
if ($goto=="newpost") {
// Flood control for abusive relaods...
sleep(1);
The reason for the 1 second sleeps is to prevent the error screen from popping up when
the user clicks on the goto newest or goto last post arrows in the forum display.
Those 2 calls end up making a second recursive call to showthread.php which ends up
being within the same 1 second interval of the click itself. This way you are fooling
the flood control so that it wont catch the back to back requests.